Steward holds the most sensitive data a company has. It's built accordingly.
Spend, bank connections, and the general ledger all live here. Below is exactly how we protect them — every item is a control that's live in the product today, described plainly, with nothing we can't back up.
Steward is architected to SOC 2 trust principles, and the controls above are the substance an audit examines. We have not yet completed a SOC 2 audit, so we don't display a badge we don't hold — a Type II audit is on our roadmap as we grow into larger deployments. If your review needs our current security posture in writing, ask and we'll share it.
Your data is yours. You can request a full export of your organization's records, or its deletion, at any time — deletion cascades across every table and is itself audited. Self-serve export and deletion controls are rolling out; until then, contact us and we'll action it promptly.